Recently, many formal methods, such as the SCR (Software Cost Reduction) requirements 
method, have been proposed for improving the quality of software specifications. 
Although improved specifications are valuable, the ultimate objective of software 
development is to produce software that satisfies its requirements. To evaluate the 

Finite-state verification techniques, such as model checking, have shown promise as a 
cost-effective means for finding defects in hardware designs. To date, the application of 
these techniques to software has been hindered by several obstacles. Chief among these 
is the problem of constructing a finite-state model that approximates the executable 
behavior of the software system of interest. Current best-practice involves hand- 
construction of models which is expensive (prohibitive for all but ... 

ASTRAL is a high-level formal specification language for real-time systems. It has 
structuring mechanisms that allow one to build modularized specifications of complex 
real-time systems with layering. Based upon the ASTRAL symbolic model checker reported 
in [13], three approximation techniques to speed-up the model checking process for use 
in debugging a specification are presented. The techniques are random walk, partial 
image and dynamic environment generation. Ten mutation tests on a rai ... 

This paper describes an experiment to use the Spin model checking system to support 
automated verification of time partitioning in the Honeywell DEOS real-time scheduling 
kernel. The goal of the experiment was to investigate whether model checking could be 
used to find a subtle implementation error that was originally discovered and fixed during 
the standard formal review process. To conduct the experiment, a core slice of the DEOS 
scheduling kernel was first translated without abstraction ... 

When a program P fails to satisfy a requirement R supposedly ensured by a detailed 
specification S that was used to implement P, there is a question about whether the 
problem arises in S or in P. We call this determination fault origin adjudication and 
illustrate its significance in various software engineering contexts. The primary 
contribution of this paper is a fra ... 

We present our experiences with the formal verification of an automotive chip used to 
control the safety features in a car. We used a BDD based model checker in our work. We 
describe our verification methodology for verifying a very complicated property on 
a relatively large design. We also describe the bugs that were found and present our views 
on how to make model checking an effective integrated part of the design flow for complex 
hardware systems. 

Forward model checking is an efficient symbolic model checking method for verifying 
realistic properties of sequential circuits and protocols. In this paper, we present the 
techniques that modify the order of state traversal on forward model checking, and that 
dramatically improve average CPU time for finding design errors. A failing property has to 
be checked again and again to analyze the bug until it is corrected. The techniques, 
therefore, can have significant impacts on actual verification ... 

Alcoa is a tool for analyzing object models. It has a range of uses. At one end, it can act 
as a support tool for object model diagrams, checking for consistency of multiplicities and 
generating sample snapshots. At the other end, it embodies a lightweight formal method 
in which subtle properties of behaviour can be investigated. Alcoa's input language, Alloy, 
is a new notation based on Z. Its development was motivated by the need for a notation 
that is more closely tailored to ob ... 

As software systems become more complex, the overall system structure, or software 
architecture, becomes a central design problem. An important step toward an 
engineering discipline of software is a formal basis for describing and analyzing these 
designs. In this article we present a formal approach to one aspect of architectural design: 
the interactions among components. The key idea is to define architectural connectors as 
explicit semantic entities. These are specified as a col ... 

Symbolic model checking is a widely used technique in sequential verification. As the size 
of the OBDDs and also the computation time depend on the order of the input variables, 
the verification may only succeed if a well suited variable order is chosen. Since the 
characteristics of the represented functions are changing, the variable order has to be 
adapted dynamically. Unfortunately, dynamic reordering strategies are often very time 
consuming and sometimes do not provide any improvement of ... 

The Ravenscar profile for high integrity systems using Ada 95 is well defined in all real-time 
aspects. The complexity of the run-time system has been reduced to allow full 
utilization of formal methods for applications using the Ravenscar profile. In the Mana 
project a tool set is being developed including a formal model of a Ravenscar compliant 
run-time system, a gnat compatible run-time system, and an ASIS based tool to allow for 
the verification of a system including both COTS and code that ... 

In this article we present a comprehensive survey of various approaches for the 
verification of cache coherence protocols based on state enumeration, symbolic model 
checking, and symbolic state models. Since these techniques search the state space of 
the protocol exhaustively, the amount of memory required to manipulate that state 
information and the verification time grow very fast with the number of processors and 
the complexity of the protocol mechanism ... 